be able to put username in secrets (#828)

This also adds the ability to put customdashboards.prometheus credentials in secrets
part of: kiali/kiali#7795

crd-docs/crd/kiali.io_kialis.yaml

@@ -712,7 +712,7 @@ spec:
  description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Prometheus (in this case, `auth.token` config is ignored)."
  type: boolean
  username:
- description: "Username to be used when making requests to Prometheus with `basic` authentication."
+ description: "Username to be used when making requests to Prometheus with `basic` authentication. May refer to a secret."
  type: string
  cache_duration:
  description: "Prometheus caching duration expressed in seconds."
@@ -780,7 +780,7 @@ spec:
  description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Grafana (in this case, `auth.token` config is ignored)."
  type: boolean
  username:
- description: "Username to be used when making requests to Grafana with `basic` authentication."
+ description: "Username to be used when making requests to Grafana with `basic` authentication. May refer to a secret."
  type: string
  dashboards:
  description: "A list of Grafana dashboards that Kiali can link to."
@@ -938,7 +938,7 @@ spec:
  description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to Prometheus (in this case, `auth.token` config is ignored)."
  type: boolean
  username:
- description: "Username to be used when making requests to Prometheus with `basic` authentication."
+ description: "Username to be used when making requests to Prometheus with `basic` authentication. May refer to a secret."
  type: string
  cache_duration:
  description: "Prometheus caching duration expressed in seconds."
@@ -1006,7 +1006,7 @@ spec:
  description: "When true and if `auth.type` is `bearer`, Kiali Service Account token will be used for the API calls to the Tracing server (in this case, `auth.token` config is ignored)."
  type: boolean
  username:
- description: "Username to be used when making requests to the Tracing server with `basic` authentication."
+ description: "Username to be used when making requests to the Tracing server with `basic` authentication. May refer to a secret."
  type: string
  custom_headers:
  description: "A set of name/value settings that will be passed as headers when requests are sent to the Tracing backend."

roles/default/kiali-deploy/tasks/main.yml

@@ -591,6 +591,11 @@
  {# Initialize #}
  {% set d = {} %}
 
+ {# Prepare the secret volume for prometheus username #}
+ {% if kiali_vars.external_services.prometheus.auth.username | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'prometheus-username': {'secret_name': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
  {# Prepare the secret volume for prometheus password #}
  {% if kiali_vars.external_services.prometheus.auth.password | regex_search('secret:.+:.+') %}
  {% set d = d | combine({'prometheus-password': {'secret_name': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %}
@@ -601,6 +606,11 @@
  {% set d = d | combine({'prometheus-token': {'secret_name': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %}
  {% endif %}
 
+ {# Prepare the secret volume for tracing username #}
+ {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.username | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'tracing-username': {'secret_name': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
  {# Prepare the secret volume for tracing password #}
  {% if kiali_vars.external_services.tracing.enabled|bool == True and kiali_vars.external_services.tracing.auth.password | regex_search('secret:.+:.+') %}
  {% set d = d | combine({'tracing-password': {'secret_name': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %}
@@ -611,6 +621,11 @@
  {% set d = d | combine({'tracing-token': {'secret_name': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.tracing.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %}
  {% endif %}
 
+ {# Prepare the secret volume for grafana username #}
+ {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.username | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'grafana-username': {'secret_name': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
  {# Prepare the secret volume for grafana password #}
  {% if kiali_vars.external_services.grafana.enabled|bool == True and kiali_vars.external_services.grafana.auth.password | regex_search('secret:.+:.+') %}
  {% set d = d | combine({'grafana-password': {'secret_name': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.grafana.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %}
@@ -626,6 +641,21 @@
  {% set d = d | combine({'login-token-signing-key': {'secret_name': kiali_vars.login_token.signing_key | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.login_token.signing_key | regex_replace('secret:.+:(.+)', '\\1') }}) %}
  {% endif %}
 
+ {# Prepare the secret volume for customdashboards prometheus username #}
+ {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'customdashboards-prometheus-username': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.username | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
+ {# Prepare the secret volume for customdashboards prometheus password #}
+ {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'customdashboards-prometheus-password': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.password | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
+ {# Prepare the secret volume for customdashboards prometheus token #}
+ {% if kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_search('secret:.+:.+') %}
+ {% set d = d | combine({'customdashboards-prometheus-token': {'secret_name': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:(.+):.+', '\\1'), 'secret_key': kiali_vars.external_services.custom_dashboards.prometheus.auth.token | regex_replace('secret:.+:(.+)', '\\1') }}) %}
+ {% endif %}
+
  {# Set the yaml to the new dict #}
  {{ d | to_nice_yaml }}
  set_fact: